| 2 Dec 2025 |
K900 | Do you control the route metrics? | 14:48:56 |
K900 | You can just push the correct metric over DHCP | 14:49:22 |
K900 | If you control the DHCP | 14:49:30 |
K900 | (you probably should do that anyway) | 14:49:41 |
| 8 Dec 2025 |
okamis | I'm using runNixOSTest interactive as a playground environment. I would like it to be a bit similar to non-interactive, so I would like ssh access but not access to the internet. What's a good way to achieve that? Currently I'm running "ip route del default" in the testscript. | 14:24:11 |
K900 | Could just firewall all outgoing connections | 14:24:36 |
okamis | I had a rule drop all outgoing, and it screwed up kubectl connecting to k3s using localhost:8080. | 14:26:38 |
K900 | Well that depends on how you implemented it | 14:27:32 |
okamis | iptables -t filter -I FORWARD 1 -m state --state NEW -j DROP | 14:29:10 |
K900 | Yeah that's not all outgoing connections | 14:29:28 |
okamis | oh sorry should be OUTGOING instead of forward | 14:29:28 |
K900 | That is also a bad idea | 14:29:35 |
K900 | You want to match on interface | 14:29:40 |
K900 | Or explicitly exclude loopback I guess | 14:29:45 |
okamis | Is this reasonable?
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A OUTPUT -o eth0 -m conntrack --ctstate NEW -j DROP
| 15:21:45 |
K900 | Probably | 15:22:48 |